feat: add production deployment config

- Add docker-compose.prod.yml and Caddyfile for Caddy reverse proxy
- Add production stages to frontend Dockerfile (nginx for static files)
- Fix monorepo package exports for production builds (dist/src paths)
- Add CORS_ORIGIN env var for cross-origin config
- Add Better Auth baseURL, cookie domain, and trusted origins from env
- Use VITE_API_URL for API calls in auth-client and play route
- Add credentials: include for cross-origin fetch requests
- Remove unused users table from schema

apps/api/Dockerfile

@@ -32,11 +32,13 @@ RUN pnpm --filter api build
 # 5. run
 FROM base AS runner
 WORKDIR /app
-COPY --from=deps /app/node_modules ./node_modules
-COPY --from=deps /app/packages/shared/package.json /app/packages/shared/package.json
-COPY --from=deps /app/packages/db/package.json /app/packages/db/package.json
-COPY --from=builder /app/apps/api/dist ./dist
-COPY --from=builder /app/packages/shared/dist /app/packages/shared/dist
-COPY --from=builder /app/packages/db/dist /app/packages/db/dist
+COPY pnpm-lock.yaml pnpm-workspace.yaml package.json ./
+COPY apps/api/package.json ./apps/api/
+COPY packages/shared/package.json ./packages/shared/
+COPY packages/db/package.json ./packages/db/
+COPY --from=builder /app/apps/api/dist ./apps/api/dist
+COPY --from=builder /app/packages/shared/dist ./packages/shared/dist
+COPY --from=builder /app/packages/db/dist ./packages/db/dist
+RUN pnpm install --frozen-lockfile --prod
 EXPOSE 3000
-CMD ["node", "dist/server.js"]
+CMD ["node", "apps/api/dist/src/server.js"]

apps/api/package.json

@@ -6,7 +6,7 @@
   "scripts": {
     "dev": "tsx watch src/server.ts",
     "build": "tsc",
-    "start": "node dist/server.js",
+    "start": "node dist/src/server.js",
     "test": "vitest"
   },
   "dependencies": {

apps/api/src/app.ts

@@ -9,7 +9,12 @@ import cors from "cors";
 export function createApp() {
   const app: Express = express();
 
-  app.use(cors({ origin: "http://localhost:5173", credentials: true }));
+  app.use(
+    cors({
+      origin: process.env["CORS_ORIGIN"] || "http://localhost:5173",
+      credentials: true,
+    }),
+  );
   app.all("/api/auth/*splat", toNodeHandler(auth));
   app.use(express.json());
   app.use("/api/v1", apiRouter);

apps/api/src/lib/auth.ts

@@ -4,8 +4,19 @@ import { db } from "@lila/db";
 import * as schema from "@lila/db/schema";
 
 export const auth = betterAuth({
+  baseURL: process.env["BETTER_AUTH_URL"] || "http://localhost:3000",
+  advanced: {
+    cookiePrefix: "lila",
+    defaultCookieAttributes: {
+      ...(process.env["COOKIE_DOMAIN"] && {
+        domain: process.env["COOKIE_DOMAIN"],
+      }),
+      secure: !!process.env["COOKIE_DOMAIN"],
+      sameSite: "lax" as const,
+    },
+  },
   database: drizzleAdapter(db, { provider: "pg", schema }),
-  trustedOrigins: ["http://localhost:5173"],
+  trustedOrigins: [process.env["CORS_ORIGIN"] || "http://localhost:5173"],
   socialProviders: {
     google: {
       clientId: process.env["GOOGLE_CLIENT_ID"] as string,